dprrhb@inetg1.ARCO.COM (Reginald H. Beardsley) (05/29/91)
Klamer Schutte's comment last week about summing the bytes in two files as an alternative to cdiff led to a weekend of hacking. Basically, what Klamer proposed was using the PH distribution as the key for a Vigenere or variant Beauford cipher system. I have written the code for this and it works quite nicely. There is, unfortunately, a gotcha to all this. The source code makes a very poor key for a cipher system. Trivial attacks such as dividing the encrypted message by 2 or subtracting 0x20 will yield significant chunks of the source. Although you'd have to be slightly crazy to go to that much trouble to stiff PH for the measly $169 they charge, someone probably would do it. There is though, what looks like a satisfactory key available to all current 1.5.10 users in the form of the system binaries. I have been looking at the statistics of the compressed binaries for use as a cipher key. In general, they look pretty good. The cipher system output must be uuencoded for transmission since it attempts to spread the input uniformly over the interval 0 to 255, but otherwise has no problems. Both ASCII text and binaries can be reliably encoded. Speed is basically I/O limited so it is not significant. I still need to do some analysis on the subject of key security, but don't expect to encounter any real problems. Since there is on the order of 1.5 MB of cipher key available by compressing the PH binaries key length should not be an issue. The only thing left to check is for long period periodicities in the compressed binaries. (Yeah, I am going a bit overboard on this :-) ) I will post the code later this week along with a test example of some encrypted source (NOT PH code :-) ) for everyone to beat on. I've tried to think through all the gotchas, but I need help. If it gets a clean bill of health from a technical perspective, then it will be up to PH to say if they consider it satisfactory. (Note: I think PH and Andy have been very good about allowing us to play with their code. It makes me very sad to see all the bashing they get. No one is getting rich off of Minix. ) BTW: My mailbox seems to have been linked to /dev/null all last week so if you sent me mail, I didn't get it. Have fun! -- Reginald H. Beardsley ARCO Information Services Plano, TX 75075 Phone: (214)-754-6785 Internet: dprrhb@arco.com